Weaknesses of type CWE-434
2,800 results

CVE | Severity | Description | EPSS
CVE-2026-8134 | CRITICAL | Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion | EPSS 0.7%
CVE-2024-7620 | MEDIUM | Customizer Export/Import <= 0.9.7 - Authenticated (Admin+) Arbitrary File Upload via Customization Settings Import | EPSS 0.7%
CVE-2023-33498 | HIGH | alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. | EPSS 0.7%
CVE-2025-29287 | CRITICAL | An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a cr | EPSS 0.7%
CVE-2023-3491 | HIGH | Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling | EPSS 0.7%
CVE-2024-53822 | CRITICAL | WordPress Pie Register Premium plugin < 3.8.3.3 - Arbitrary File Upload vulnerability | EPSS 0.7%
CVE-2024-42777 | CRITICAL | An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allo | EPSS 0.7%
CVE-2025-3917 | CRITICAL | 百度站长SEO合集(支持百度/神马/Bing/头条推送) <= 2.0.6 - Unauthenticated Arbitrary File Upload | EPSS 0.7%
CVE-2024-9038 | MEDIUM | Codezips Online Shopping Portal insert-product.php unrestricted upload | EPSS 0.7%
CVE-2024-48781 | CRITICAL | An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a speciall | EPSS 0.7%
CVE-2023-31585 | CRITICAL | Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php. | EPSS 0.7%
CVE-2024-32256 | HIGH | Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. | EPSS 0.7%
CVE-2023-53868 | HIGH | Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload | EPSS 0.7%
CVE-2022-45966 | CRITICAL | There is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. | EPSS 0.7%
CVE-2022-46102 | CRITICAL | AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php | EPSS 0.7%
CVE-2024-56046 | CRITICAL | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability | EPSS 0.7%
CVE-2021-26628 | HIGH | MaxBoard XSS and File Upload Vulnerability | EPSS 0.7%
CVE-2026-29041 | HIGH | Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload | EPSS 0.7%
CVE-2024-35510 | CRITICAL | An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via u | EPSS 0.7%
CVE-2022-1411 | CRITICAL | Unrestricted file upload in yetiforcecompany/yetiforcecrm | EPSS 0.7%